Jump to content

No application listening on the port spam (2 sec interval)


Recommended Posts

Hey there,

 

I know that the "No application listening on the port" firewall log is usually no problem but it gets spamed into the log file every 2 seconds with the following entry:

 

21.12.2014 8:58:47 PM No application listening on the port 192.168.0.1:45810 255.255.255.255:7437 UDP

 

 

Is this really normal? Any way to disable this from getting logged (logging it every 2 seconds must cost ressources too? :o)

 

Thanks

Link to comment
Share on other sites

  • Administrators

Couldn't it be that you enabled logging of blocked communication in the IDS setup? If so, you should disable it as it only serves for troubleshooting firewall issues.

Link to comment
Share on other sites

Couldn't it be that you enabled logging of blocked communication in the IDS setup? If so, you should disable it as it only serves for troubleshooting firewall issues.

 

Yep I have it enabled but the "No application listening on the port" is no blocking event? 

Link to comment
Share on other sites

Well with that you're of course right. :)

However I tested it and enabled this logging and it doesn't "spam" my firewall log (at least not in a 2 sec interval), so does it "fix" this issue if you disable the option?

 

BTW AFAIK most attacks will still be logged even if you have disabled this option.

 

Edit: Okay, no it spams (more or less) my firewall log. It's not such often and regularly so I could say it's in a 2 sec interval, but it's there.

Edited by rugk
Link to comment
Share on other sites

Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/

Link to comment
Share on other sites

  • Administrators

Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/

 

If you don't want to disable logging, the firewall log may grow up to several hundred MB or even GB quite quickly. Needless to say that enabling debug logging has an adverse effect on performance as well.

Link to comment
Share on other sites

 

Disabling the "log blocked events" will also disable the spamming. But I actually want blocked events to be logged. How ever, not if every 2-3 seconds another event is getting logged :/

 

If you don't want to disable logging, the firewall log may grow up to several hundred MB or even GB quite quickly. Needless to say that enabling debug logging has an adverse effect on performance as well.

 

Yeah like this: https://forum.eset.com/topic/3751-hips-log-over-3gb/

 

Keep HIPS and Firewall logging disabled, unless you're troubleshooting and might need the logs.  :)

Edited by SweX
Link to comment
Share on other sites

Yes, they are only used for reproducing an issue during troubleshooting purposes, and finding out where the problem lies.

Logging of that type should be disabled.

 

Unless you have a san server saving the logs and you are required to log everything lol.

Edited by Arakasi
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...